Thirty New York residents and an unknown number of customers nationwide had their information accessed. The unauthorized access by an Experian client resulted in the exposure of names, dates of birth, account numbers, Social Security numbers and addresses.

Information Source:
Dataloss DB

records from this breach used in our total:
30

August 21, 2006

U.S. Department of Education via contractor, DTI AssociatesWashington, District Of Columbia

GOV

PORT

43

Two laptops were stolen
from DTI's office in downtown DC containing personal information on
43 grant reviewers for the Teacher Incentive Fund. DTI could not rule
out that the data included SSNs.

Information Source:
Dataloss DB

records from this breach used in our total:
43

August 22, 2006

AFLAC American Family Life Assurance Co.Greenville, South Carolina

BSF

PORT

612 policyholders

(888) 794-2352

A laptop containing customers'
personal information was stolen from an agent's car. It contained
names, addresses, SSNs, and birth dates of 612 policyholders. They
were notified Aug. 11.

Information Source:
Dataloss DB

records from this breach used in our total:
612

August 22, 2006

Beaverton School DistrictBeaverton, Oregon

EDU

PHYS

1,600 employees

Time slips revealing personal
information were missing and presumed stolen following a July 24 break-in
at a storage shed on the administration office's property. The time
slips included names and SSNs but not addresses.

Information Source:
Dataloss DB

records from this breach used in our total:
1,600

August 22, 2006

Beaumont HospitalTroy, Michigan

MED

PORT

28,473

A vehicle of a home health
care nurse was stolen from outside a senior center Aug. 5. Although
it was recovered nearby, a laptop left in the rear of the car was
not recovered. It contained names, addresses, SSNs, and insurance
information of home health care patients.

UPDATE
(8/23/06). The laptop was returned
Aug. 23 by a woman who said she found it in her yard.

A faulty Web site software
upgrade resulted in personal information of 21,000 student loan holders
being exposed on the U.S. Department of Education's loan Web site. Information included
names, birthdates, SSNs, addresses, phone numbers, and in some cases,
account information. Affiliated Computer Services Inc. is the contractor
responsible for the breach. The breach did not include those whose
loans are managed through private companies.

Information Source:
Dataloss DB

records from this breach used in our total:
21,000

August 25, 2006

Dominion ResourcesRichmond, Virginia

BSO

PORT

Unknown

Two laptops containing employee
information were stolen earlier in August. It was not clear what type
of data were included. No customer records were on the computers.
Dominion operates a gas and electric energy distribution company.

A laptop that might contain personal information of people with commercial driver's licenses was stolen Aug. 22. FMCSA said the data might include names, dates of birth, and commercial driver's license numbers of 193 individuals from 40 trucking companies.

Information Source:
Dataloss DB

records from this breach used in our total:
0

August 25, 2006

Sovereign BankNew Bedford, Massachusetts

BSF

PORT

thousands of customers

Personal data may have been
compromised when 3 managers' laptops were stolen from 2 separate locations
in early August. Customers were notified Aug. 21. Sovereign serves
New England and the Mid-Atlantic. The bank said the data included
unspecified customer information, but not account data.

Information Source:
Dataloss DB

records from this breach used in our total:
0

August 25, 2006

Verizon WirelessBasking Ridge, New Jersey

BSR

DISC

5,210 (No SSNs or financial information reported)

A Microsoft Excel spreadsheet file with the information of 5,210 customers was accidentally distributed to 1,800 Verizon Wireless subscribers. The information included names, email addresses, cell phone numbers and cell phone models. The file was accidentally attached to an ad for a Bluetooth wireless headset.

Information Source:
Dataloss DB

records from this breach used in our total:
0

August 26, 2006

PortTixPortland, Maine

BSO

HACK

2,000

Credit card information
for about 2,000 people who ordered tickets online through PortTix
was accessed by someone who hacked into the Web site. PortTix is Merrill
Auditorium's ticketing agency. The Web site was secured as of Aug.
24.

Information Source:
Dataloss DB

records from this breach used in our total:
2,000

August 26, 2006

University of South CarolinaColumbia, South Carolina

EDU

HACK

6,000

TheState.com reported that the University of South Carolina warned 6,000 current and former students that their information, including Social Security numbers and birth dates, may have been breached when a server was accessed from outside the system.

Information Source:
Media

records from this breach used in our total:
6,000

August 27, 2006

New Mexico Administrative Office of the CourtsSanta Fe, New Mexico

GOV

DISC

1,500 employees

For 8 days in late May,
an unsecured document was exposed on the agency's FTP site on the
state's computer server. It contained names, birth dates, SSNs, home
addresses and other personal information of judicial branch employees.
The FTP site was shut down June 2 and has since be redesigned.

Information Source:
Dataloss DB

records from this breach used in our total:
1,500

August 28, 2006

Copart, Inc.Fairfield, California

BSR

HACK

43,764 (No SSNs or financial information reported)

Hackers may have acquired the full names of customers, business and home addresses, telephone numbers, email addresses, driver's license numbers and possibly driver's license photographs. The website breach was discovered on July 17 and customers were notified on August 28. No Social Security numbers or financial information was accessed.

Information Source:
Dataloss DB

records from this breach used in our total:
0

August 29, 2006

Valley Baptist Medical CenterHarlingen, Texas

MED

DISC

Unknown

(877) 840-5999

A programming error on the
hospital's web site exposed names, birth dates, and SSNs of healthcare
workers in late August. The error was fixed but it is not known how
long the personal information was compromised. The affected individuals
are workers from outside the hospital who provide services and bill
the hospital via an online form.

Computer hackers accessed
credit card account data and other personal information of customers
who purchased DSL equipment from AT&T's online store. The company
is notifying fewer than 19,000 customers.

UPDATE (9/1/06).
The breach was followed by a bogus phishing e-mail to those customers
that attempted to trick them into revealing more info such as SSN
and birthdate -- essential for crime of identity theft.

Information Source:
Dataloss DB

records from this breach used in our total:
19,000

August 29, 2006

Compass HealthEverett, Washington

MED

PORT

Unknown

(800) 508-0059

Compass Health notified
some of its clients that a laptop containing personal information,
including SSNs, was stolen June 28. The agency serves people who suffer
from mental illness.

Computer discs with sensitive customer information were stolen from a Paymap facility in September of 2005. People who were subscribers between 1999 and 2002 may have been affected. The theft was not discovered until an unrelated mail fraud investigation was in process. information included names, addresses, telephone numbers, Social Security numbers, loan account numbers, bank account information, copies of signatures and copies of voided or cleared personal checks.

In early August, CoreLogic
notified customers of ComUnity Lending that a computer with customers'
data was stolen from its office. Data included names, SSNs, and property
addresses related to an existing or anticipated mortgage loan.

Information Source:
Security Breach Letter

records from this breach used in our total:
0

August 31, 2006

Labcorp Monroe, New Jersey

MED

STAT

Unknown

(800) 788-9091 x3925

During a break-in June 4
or 5, a computer was stolen that contained names and SSNs, but according
to the company did not have birth dates or lab test results.

In a letter dated Aug. 28,
the company notified its employees that a laptop and data disk were
stolen from the locked trunk of an unnamed auditor, hired to audit
the employees' health plan. Data included names, SSNs, and information
about drug claim cost and dates from 2005, but no prescription information
said the company.

Personal information of
freshmen and graduate engineering students from 1998 through 2005
was exposed on the Internet for 8 months (Jan. - Aug.) due to human
error. It was discovered by a student who used a search engine to
find her name. The data included SSNs and e-mail addresses.

A laptop was stolen from
the home of one of the contractor's employees in April 2005. It was reported
to the city July 2006. Data included names,
addresses, phone numbers, birth dates and SSNs for those in the city's
deferred compensation plan.

A hacker may have accessed personal information. A customer named Diversified Capital noticed unusual activity on its account. An investigation revealed that the unauthorized access was most likely the result of a stolen password or unauthorized use of the password. The breach was first noticed on July 17 and notification was sent on August 10.

In late August 2006, Accenture,
a contractor for TSA mailed documents containing former employees'
SSN,, date of birth, and salary information to the wrong addresses
due to an administrative error.

Information Source:
Dataloss DB

records from this breach used in our total:
1,195

September 5, 2006

TLM Partners LPPalm Beach, Florida

BSF

PORT

Unknown

Two backup computer tapes were stolen from a vehicle during a June 8 theft. The tapes contained names, addresses and Social Security numbers. The tapes were discovered missing on July 6 and an unknown number of affected clients were notified on July 11. At least two New York residents were affected.

Information Source:
Dataloss DB

records from this breach used in our total:
0

September 5, 2006

Disney Worldwide Services, Inc.Burbank, California

BSR

PORT

23

A laptop with former employee information was stolen. The information included names, Social Security numbers, phone numbers, dates of birth, gender, marital status, workplace email and compensation information. At least 23 New York residents were affected, but the number of affected former employees nationwide was not reported.

Information Source:
Dataloss DB

records from this breach used in our total:
23

September 7, 2006

Florida National GuardBradenton, Florida

GOV

PORT

100

A laptop computer was stolen
from a soldier's vehicle contained training and administrative records,
including Social Security numbers of up to 100 Florida National Guard
soldiers.

A laptop was stolen from an employee's car on July 14. Names and Social Security numbers of employees of Liberty's insureds were exposed. Analysis of the breach was completed on August 22 and notifications were sent in early September.

Information Source:
Dataloss DB

records from this breach used in our total:
672

September 7, 2006

Mystic Stamp CompanyCamden, New York

BSR

HACK

13

The website fell victim to an SQL injection attack. Hackers accessed the website database and obtained customer names, addresses, credit card numbers and expiration dates. The breach was discovered on August 29 and the website's charge card function was disabled.

On Sept. 6, Linden Lab discovered
that a hacker accessed its Second Life database through web servers.
The affected data included unencrypted account names, real life names,
and contact information, plus encrypted account passwords and payment
information. Second Life is a 3-D virtual world.

Information Source:
Dataloss DB

records from this breach used in our total:
0

September 8, 2006

University of MinnesotaMinneapolis, Minnesota

EDU

STAT

13,084 students including
SSNs of 603 students

On August 14-15 eve, two
computers were stolen from the desk of an Institute of Technology
employee, containing information on students who were freshmen from
1992-2006 -- including names, birthdates, addresses, phone numbers,
high schools attended, student ID numbers, grades, test scores, and,
academic probation. SSNs of 603 students were also exposed.

A confidential list of some
of the County's 25,000 gun permit holders was exposed on the Web by
the contractor that is developing a Web-based computer records program
for the Sheriff's Office. Personal information included names, addresses
and SSNs.

UPDATE
(10/6/06): The Berks County solicitor's office says the entire list
of more than 25,000 gun permit holders was exposed.

Information Source:
Dataloss DB

records from this breach used in our total:
25,000

September 9, 2006

Cleveland ClinicNaples, Florida

MED

INSD

1,100 patients

(866) 907-0675

A clinic employee stole
personal information from electronic files and sold it to her cousin,
owner of Advanced Medical Claims, who used it to file fraudulent Medicare
claims totaling more than $2.8 million. Information included names,
SSNs, birthdates, addresses and other details. Both individuals were
indicted.

Information Source:
Dataloss DB

records from this breach used in our total:
1,100

September 9, 2006

Discover BankGreenwood, Delaware

BSF

PORT

11

At least 11 residents of New York were affected, but the total number of affected clients was not released.

A laptop was stolen from a bank employee's home. The laptop contained bank account information and Social Security numbers.

Information Source:
Dataloss DB

records from this breach used in our total:
11

September 9, 2006

Action Capital Mortgage Services, Inc.Poughkeepsie, New York

BSF

STAT

923

An encrypted server was stolen during an August 23 office burglary. Customer information was lost.

Information Source:
Dataloss DB

records from this breach used in our total:
923

September 11, 2006

Telesource via VekstaIndianapolis, Indiana

BSO

PHYS

Unknown

Employees discovered their
personnel files in a Dumpster after the company had been bought out
by another company Vekstar. The files were discarded when the office
was being cleaned out and shut down. Files contained SSNs, dates of
birth and photocopies of SSN cards and driver's licenses.

Information Source:
Dataloss DB

records from this breach used in our total:
0

September 12, 2006

City of Paris KentuckyParis, Kentucky

GOV

PORT

130

A portable drive that contained the personal information of current and former city employees was lost or stolen in August. Employee names, Social Security numbers and dates of birth were lost.

Information Source:
Dataloss DB

records from this breach used in our total:
130

September 13, 2006

American Family Insurance GroupMadison, Wisconsin

BSF

PORT

2,089 customers

The office of an insurance
agent was broken into and robbed last July. Among the items stolen
was a laptop with customers' names, SSNs, and driver's license numbers.

Information Source:
Dataloss DB

records from this breach used in our total:
2,089

September 14, 2006

Nikon Inc. and Nikon World MagazineMelville, New York

BSR

DISC

3,235 magazine subscribers

Workers at a Montgomery,
AL, camera store discovered that subscription information for the
magazine Nikon World was exposed on the Web for at least 9 hours.
Data included subscribers' names, addresses and credit card numbers.

Information Source:
Dataloss DB

records from this breach used in our total:
3,235

September 14, 2006

Illinois Department of Corrections (IDOC)Springfield, Illinois

GOV

PHYS

16,500

A document containing employees'
personal information was found outside the agency's premises where
it should not have been. It has since been retrieved. Information
included employees' names, SSNs, and salaries.

A memory stick containing
patient information was found July 18 by a local citizen on the ground
at the County Fairgrounds near the hospital's information booth. It
was returned to the hospital four weeks later. Data included names, SSNs, dates of birth, and medical records.

Information Source:
Dataloss DB

records from this breach used in our total:
295

September 15, 2006

Whistle Junction restaurantOrlando, Florida

BSO

PHYS

Unknown

Personnel files of employees
of the now-closed restaurant were found in a nearby Dumpster. Papers
included names and SSNs of former employees,

Information Source:
Dataloss DB

records from this breach used in our total:
0

September 15, 2006

University of Texas San AntonioSan Antonio, Texas

EDU

HACK

64,000

A hacker may have gained access to student and staff names, addresses and Social Security numbers. Students who received financial aid or worked at the University were affected. The breach was discovered during a routine risk assessment of the University's computer servers.

Information Source:
Dataloss DB

records from this breach used in our total:
64,000

September 15, 2006

Columbia UniversityNew York, New York

EDU

INSD

1,132

A temporary employee accessed the personal information of some University employees and used it to establish at least one fraudulent account. The former temp had access to the names, Social Security numbers, addresses, telephone numbers and direct deposit bank account information of a group of employees. The University discovered the breach on August 15 and began notifying affected individuals on August 18.

Information Source:
Dataloss DB

records from this breach used in our total:
1,132

September 15, 2006

Harlem Hospital Center, New York City Health and Hospitals CorporationNew York, New York

MED

PORT

4,000

A computer hard drive was lost or stolen sometime around September 8. The hard drive contained the names and Social Security numbers of current and former Harlem Hospital employees.

Information Source:
Dataloss DB

records from this breach used in our total:
4,000

September 16, 2006

Michigan Department of Community HealthDetroit, Michigan

GOV

PORT

4,000

Residents who participated
in a scientific study were notified that a flash drive was discovered
missing as of Aug. 4, and likely stolen, from an MDCH office.The portable
memory device contained names, addresses, phone numbers, dates of
birth, and SSNs of participants. The study tracked the long-term exposure
to flame retardents ingested by residents in beef and milk.